Jan 15, 2014

Description of Cisco Router – “Show commands” – Part-1


Show commands:-

SHOW INTERFACE SERIAL 0 ; shows the serial 0 configuration.
SHOW INTERFACES ; displays statistics for all interfaces configured on the switch.
SHOW PROCESS ; displays a router’s CPU utilization.
SHOW HISTORY ; shows the last ten commands used.
SHOW CONFIG ; displays information on the startup configuration.
SHOW VERSION ; displays information about the system hardware (RAM/ROM), software version, names of configuration files, and boot images. This command also shows the current configuration register value.
SHOW RUNNING-CONFIG ; used in privileged EXEC mode, this command displays the switch’s active configuration file, passwords, system name, and interface settings.
SHOW IP ; shows the current IP configuration.
SHOW IP PROTOCOL ; displays values associated with routing timers and network information associated with the entire router.
SHOW IP INTERFACE ; displays information on the IP interface and access lists.
SHOW CDP NEIGHBORS ; displays information about the devices and their associated networks directly connected to the local device. Information displayed: device identifiers, address lists, port identifiers, capabilities, and platforms.

Description of Cisco Router – “Show commands” – Part-2



Show Commands:

SHOW CDP NEIGHBORS DETAIL ; yields a greater amount of information regarding neighbor devices.
SHOW CDP TRAFFIC ; displays information about interface traffic.
SHOW CDP INTERFACE ; displays interface status and configuration information about the local device.
SHOW CDP ENTRY <HOSTNAME> ; shows information on a specific node.
SHOW USERS ; displays all active Telnet sessions by connection.
SHOW SESSION ; displays all active Telnet sessions by session number.
SHOW FLASH ; shows router memory, size of image file, etc.
SHOW MAC-ADDRESS-TABLE ; displays the MAC address table and helps to determine how many dynamic (learned by the switch), permanent (administratively assigned to certain ports), and static addresses (restricts traffic to a particular MAC address from a specific source) are present.
SHOW HOSTS ; displays a cached list of host name to IP address mappings.
SHOW ACCESS-LIST ; displays the access lists and their contents.

Idea of “NO (Disables Cisco IOS features)” …


NO (Disables Cisco IOS features)

NO CDP RUN ; a global command that disables CDP at the device level and prevents other non-CDP capable devices from getting information about your device.
NO CDP ENABLE ; disables CDP on a given interface.
NO IP ADDRESS ; resets the IP address for that device.
NO DEFAULT-GATEWAY ; resets the default gateway IP address.
NO DEBUG ALL or UNDEBUG ALL ; turns off all debugging.
NO IP ACCESS-GROUP ; removes an access list from an interface.
NO ACCESS-LIST ; removes an access list from the router.
NO IP ROUTE-CACHE ; disables fast-switching for IP on an Ethernet interface.

Cisco Router – How to use the COPY Command (copies configuration information to specified location)


COPY (copies configuration information to specified location)

When a configuration is copied into RAM from any source, it is merged. If a configuration file is being copied into NVRAM or to a TFTP server, it is copied.
COPY RUNNING-CONFIG STARTUP-CONFIG or WRITE MEMORY ; saves the current configuration to NVRAM.
COPY RUNNING STARTUP ; copies configuration from RAM to NVRAM.
COPY STARTUP RUNNING ; merges configuration from NVRAM to RAM.
COPY TFTP RUN ; merges configuration from TFTP to RAM.
COPY RUN TFTP ; copies configuration from RAM to TFTP. You will need to copy a router’s configuration to a TFTP server if it is larger than 32,000 bytes, which is the largest configuration that can fit into RAM.
COPY START TFTP ; copies configuration from NVRAM to TFTP.
COPY FLASH TFTP ; copies the current IOS from router flash memory to a network server.
COPY TFTP FLASH ; copies an image file from a TFTP server to flash. This is used to upgrade the IOS image file to a newer version, or if your IOS image becomes corrupt.

How to Cascade Cisco Routers…!!!!!!


Step 1 : Designate which one of your routers will be the primary router and which will be secondary. Your primary router should already be configured as, or with your modem.
Step 2 : Connect your computer directly to your secondary router using an Ethernet cable by plugging the cable into one of the numbered Ethernet ports on the back of the router and to an Ethernet port on your computer. Make sure it is not plugged into your primary router.
Step 3 : Access your router’s web-based configuration menu. Connect to the router’s IP address with a web browser.
  • Depending on the make of your router, you may have to navigate to a specific URL to access your router’s web-based configuration menu. Consult your router’s user manual to find out.
Step 4 : Look for the local IP settings and reset the router’s IP address from its default settings. The key here is to make sure that your secondary router has a different final digit than the IP address of your primary router.
  • An example IP for your primary router is 192.168.1.1. So an example of your secondary router’s IP address could be 192.168.1.2.
Step 5 : Locate the router’s DHCP Server settings and turn them off.
Step 6 : Make sure your router is set to router operating mode. This is often located in an advanced settings menu.
Step 7 : Plug another Ethernet cable into one of the numbered Ethernet ports on the back of the primary router. Plug the other end of that cable into a numbered Ethernet port on the back of the secondary router. Your routers are now cascaded.
Method 2 of 2 :
Connect Ethernet to Internet or LAN to WAN 
Step 1 : Connect your computer to your secondary router and access the web-based configuration menu.
Step 2 : Change the local IP address so that the second-to-last digit is different from your primary router.
  • If your primary IP address is 192.168.0.1 then your secondary router’s IP address should be something like 192.168.2.1.
Step 3 : Save your IP address changes.
  • Disconnect your secondary router from your computer.
Step 4: Plug an Ethernet cable into one of the numbered Ethernet ports on the back of your primary router.
Plug the other end of the cable into the Internet port of your secondary router. Your routers are now cascaded.

CCNA NAT Configuration with PAT



PAT - Port Address Translation. We use PAT when we have only a few public IP addresses and hundreds of inside local addresses that need to be translated. PAT uses port numbers at the transport layer to identify hosts, and can translate up to 65,000 hosts with one real IP. This is sometimes also called overload operation.
[Figure: NAT1]
In this example the internal network uses the 30.0.0.0 network. We will use one public IP, 50.0.0.1.
Router(config)#hostname R0
R0(config)#enable secret open
R0(config)#int fastEthernet 0/1
R0(config-if)#ip address 30.0.0.1 255.0.0.0
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#int serial 2/0
R0(config-if)#ip address 20.0.0.1 255.0.0.0
R0(config-if)#no shut
R0(config-if)#exit
R0(config)#ip route 0.0.0.0 0.0.0.0 serial 2/0
R0(config)#access-list 1 permit 30.0.0.0 0.0.0.255
R0(config)#ip nat pool test 50.0.0.1 50.0.0.1 netmask 255.0.0.0
R0(config)#ip nat inside source list 1 pool test overload
R0(config)#int fastEthernet 0/1
R0(config-if)#ip nat inside
R0(config-if)#exit
R0(config)#int serial 2/0
R0(config-if)#ip nat outside
R0(config-if)#exit
R0(config)#exit
Now go to the R1 router:
Router(config)#hostname R1
R1(config)#enable secret open
R1(config)#int fastEthernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int serial 2/0
R1(config-if)#ip address 20.0.0.2 255.0.0.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 serial 2/0
Now ping the server (10.0.0.2) from all host PCs, then go to the R0 router and run the command below. The port numbers appear in the output.
R0#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 50.0.0.1:1024     30.0.0.2:1         10.0.0.2:1         10.0.0.2:1024
icmp 50.0.0.1:1025     30.0.0.2:2         10.0.0.2:2         10.0.0.2:1025
icmp 50.0.0.1:1026     30.0.0.2:3         10.0.0.2:3         10.0.0.2:1026
icmp 50.0.0.1:1027     30.0.0.2:4         10.0.0.2:4         10.0.0.2:1027
icmp 50.0.0.1:1        30.0.0.3:1         10.0.0.2:1         10.0.0.2:1
icmp 50.0.0.1:2        30.0.0.3:2         10.0.0.2:2         10.0.0.2:2
icmp 50.0.0.1:3        30.0.0.3:3         10.0.0.2:3         10.0.0.2:3
icmp 50.0.0.1:4        30.0.0.3:4         10.0.0.2:4         10.0.0.2:4
Thanks Everyone
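The port-based bookkeeping behind the table above, as an added example (not part of the original post and not IOS code). It is a simplified model: the rule that a colliding port is remapped starting at 1024, and the order in which the two hosts pinged, are assumptions chosen to match the output shown. For ICMP the "port" is the echo identifier.

```python
GLOBAL_IP = "50.0.0.1"      # the one public address in the pool "test"
FIRST_REMAP_PORT = 1024     # assumption: remapped ports start here, as in the table


class PatTable:
    def __init__(self, global_ip=GLOBAL_IP):
        self.global_ip = global_ip
        self.out = {}    # (proto, inside_ip, inside_port) -> global port
        self.back = {}   # (proto, global port) -> (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate a packet leaving the inside network; create a mapping if needed."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = inside_port                  # keep the original port when it is free
            if (proto, port) in self.back:      # already used by another inside host
                port = FIRST_REMAP_PORT
                while (proto, port) in self.back:
                    port += 1
                if port > 65535:
                    raise RuntimeError("PAT port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, global_port):
        """Reverse lookup for return traffic; None means no mapping, so drop."""
        return self.back.get((proto, global_port))

    def rows(self):
        """(inside global, inside local) pairs, like the first two table columns."""
        return [(f"{self.global_ip}:{g}", f"{ip}:{p}")
                for (_, ip, p), g in self.out.items()]


def replay_article_pings():
    """Assumed order: 30.0.0.3 pings first (ICMP ids 1-4), then 30.0.0.2."""
    pat = PatTable()
    for host in ("30.0.0.3", "30.0.0.2"):
        for icmp_id in range(1, 5):
            pat.outbound("icmp", host, icmp_id)
    return pat


if __name__ == "__main__":
    for inside_global, inside_local in replay_article_pings().rows():
        print(f"icmp {inside_global:<18}{inside_local}")
```

Return traffic is accepted only when `inbound` finds a mapping for that protocol and global port; anything else has no inside host to go to.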

CCNA-Idea of Frame Relay ::Part-1


 

What is Frame Relay?

Frame Relay is a layer 2 technology that switches packets by sharing bandwidth among users. It uses X.25 technology. Frame Relay is basically used for WAN connections, to connect geographically separated devices.
Frame Relay end devices, such as computers, data terminals, routers, bridges and other network devices, are called DTE devices. DCE devices, such as converters managed by the provider (ISP), match the clock rate with the DTE devices so that they can communicate with the DTE devices at the other end.
Virtual Circuit: used in a Frame Relay network to connect DTE devices over a circuit. There are two types of virtual circuit used in a Frame Relay network.
1. PVCs - Permanent Virtual Circuits. For connections that are used permanently.
2. SVCs - Switched Virtual Circuits. The connection is set up only when data needs to be sent; it is not permanent.
DLCI - Data Link Connection Identifier. In a Frame Relay network, DTE devices are identified by DLCI numbers. DLCIs are used on a Frame Relay interface to distinguish different virtual circuits. Frame Relay uses Inverse ARP, which is similar to ARP but maps a DLCI to an IP address.
LMI - Local Management Interface. Used between your router and the Frame Relay switch. It allows information about your network and virtual circuits to be passed. Three types of LMI can be used: a) Cisco b) ANSI c) ITU-T (Q.933A). Which one you use depends on which type of media you are using.

CCNA-Using of Frame Relay ::Part-2


 

 Frame Relay Point-to-point:

Used to connect two devices in the same subnet. The DLCI number can be configured on an interface or a sub-interface. This type of point-to-point connection does not need Inverse ARP.
[Figure: framerelay1]
In this example we use two routers and one Frame Relay cloud. Remember that all routers are DTE. Assume that the two routers are located in Dhaka and Chittagong, connected via the ISP's Frame Relay cloud. Let's configure Chittagong first, then Dhaka.
Router(config)#hostname Ctg
Ctg(config)#int serial 3/0
Ctg(config-if)#ip address 192.168.1.1 255.255.255.252
Ctg(config-if)#encapsulation frame-relay
Ctg(config-if)#bandwidth 64
Ctg(config-if)#frame-relay lmi-type cisco
Ctg(config-if)#frame-relay interface-dlci 100
Ctg(config-if)#no shut
Now Dhaka
Router(config)#hostname Dhk
Dhk(config)#int serial 2/0
Dhk(config-if)#ip address 192.168.1.2 255.255.255.252
Dhk(config-if)#encapsulation frame-relay
Dhk(config-if)#bandwidth 64
Dhk(config-if)#frame-relay lmi-type cisco
Dhk(config-if)#frame-relay interface-dlci 200
Dhk(config-if)#no shut
Now the Frame Relay cloud:
Go to the serial interface and add the DLCI numbers.
[Figure: DLCI]
Now go to the Frame Relay option and add entries as shown below.
[Figure: cloud]
In Packet Tracer it’s easy to configure the Frame Relay cloud switch, but the real configuration is different. Need to map ……..

How to apply an access list to a Cisco router …!!!!


Access List:

 

You can use the console or telnet to one of the interfaces in your router.
Example 1: Applying access list 102 (inbound) to Serial 0.
Router>enable
Router#config term
Router(config)#interface serial 0
Router(config-if)#ip access-group 102 in
Router(config-if)#exit
Router(config)#exit
Example 2: Applying access list 101 (outbound) to Ethernet 0.
Router#config term
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 101 out
Router(config-if)#exit
Router(config)#exit
Example 3: To remove an access list from Serial 0.
Router#config term
Router(config)#interface Serial 0
Router(config-if)#no ip access-group 101 out
Router(config-if)#exit
Router(config)#exit

Some helpful commands to monitor and verify the access list.

show running-config                      {displays the active configuration and the presence of access groups}
show access-list                         {displays all access lists}
show access-list 1xx                     {displays access list 1xx only}
show ip access-list                      {displays IP access lists}
show interface serial 0                  {displays info on the serial 0 interface}
no access-list 1xx                       {removes access list 1xx only}
copy running-config startup-config       {saves the active configuration to NVRAM}

Access List Guidelines :

1. Access List numbers indicate which protocol is filtered. Extended IP is from 100-199
2. Only one access list per protocol, per direction, per interface is allowed.
3. Top-down processing. Most restrictive statements should be at the top.
4. At the end of the access list is an implicit deny all. Due to the implicit deny, there should be at least one permit statement on every access list.
5. New entries are added to the bottom of the list. If modifications are necessary, delete the access list and recreate the entire access list off-line, such as with a text editor, and upload any changes from a TFTP server or cut and paste from a computer.
6. Create the access list before applying it to the interface.
7. Access lists only filter traffic going through the router. They do not apply to traffic originated from the router.
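Guidelines 3 and 4 in executable form, as an added example (not part of the original post and not IOS code): a first-match evaluator with wildcard masks and the implicit deny, plus a check for entries that can never match because an earlier entry already covers them. The parser handles only the `ip SRC WILDCARD DST WILDCARD` form, and the access list 102 entries are constructed for illustration.

```python
import ipaddress


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def wc_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, 1 = don't care (inverse of a subnet mask)."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def parse_acl(text):
    """Subset parser: 'access-list N permit|deny ip SRC WILDCARD DST WILDCARD'."""
    acl = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) != 8 or t[0] != "access-list" or t[3] != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        acl.append({"action": t[2], "src": (t[4], t[5]), "dst": (t[6], t[7])})
    return acl


def evaluate(acl, src, dst):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for n, e in enumerate(acl, 1):
        if wc_match(src, *e["src"]) and wc_match(dst, *e["dst"]):
            return e["action"], n
    return "deny", None


def covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    (ob, ow), (ib, iw) = map(_ip, outer), map(_ip, inner)
    care = ~ow & 0xFFFFFFFF
    return (iw & care) == 0 and (ob & care) == (ib & care)


def shadowed(acl):
    """(entry, earlier_entry) pairs where the later entry can never match."""
    out = []
    for j, e in enumerate(acl):
        for i, p in enumerate(acl[:j]):
            if covers(p["src"], e["src"]) and covers(p["dst"], e["dst"]):
                out.append((j + 1, i + 1))
                break
    return out


# Constructed sample: the host deny sits below a broader permit.
ACL_102 = parse_acl("""
access-list 102 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 deny ip 10.10.10.5 0.0.0.0 20.20.20.0 0.0.0.255
access-list 102 permit ip 10.10.20.0 0.0.0.255 20.20.20.0 0.0.0.255
""")
REORDERED = [ACL_102[1], ACL_102[0], ACL_102[2]]  # most specific entry first

if __name__ == "__main__":
    print(evaluate(ACL_102, "10.10.10.5", "20.20.20.9"), shadowed(ACL_102))
    print(evaluate(REORDERED, "10.10.10.5", "20.20.20.9"), shadowed(REORDERED))
```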

Cisco IOS Command Line Interface Shortcuts …!!!!


1. The cursor movement shortcuts are given below :

Cursor Movement Shortcuts
Shortcut | Description | Mnemonic
Ctrl+A | Move cursor to the beginning of the line | Alpha, First letter == beginning
Ctrl+E | Move cursor to the end of the line | E for End
Ctrl+F | Move cursor forward one character | F for Forward
Ctrl+B | Move cursor backward | B for Backward
Esc+F | Moves forward one word | Always forget the escape version
Esc+B | Moves backwards one word | Ditto
Ctrl+P | Previous command | P for Previous – also up arrow
Ctrl+N | Next command | N for Next – also down arrow

2. The editing shortcuts are given below :

Editing Shortcuts
Shortcut | Description | Mnemonic
Ctrl+W | Delete the word to the left from the cursor | W for Word
Ctrl+U | Delete the whole line | ??
Ctrl+T | Swap or transpose the current character with the one before it | T for Transpose
Ctrl+K | Erase characters from the cursor to end of the line | ??
Ctrl+X | Erase characters from the cursor to beginning of the line | ??
Esc+D | Delete from cursor to end of word |
Delete | Removes the character to the right of the cursor |
Backspace | Removes the character to the left of the cursor |
Up Arrow | Allows you to scroll forward through previous commands |
Down Arrow | Allows you to scroll backwards through previous commands |

3. The functional shortcuts are given below :

Functional Shortcuts
Shortcut | Description | Mnemonic
Ctrl+L | Reprint the line | L for Line
Ctrl+R | Refresh | R for Repeat – starts a new line, with the same command shown (if the system sends a message to the screen while a command is being entered and you are not using line synchronisation)
Tab | Command autocomplete | No Comment
Ctrl+C | Exit. Exit from config mode |
Ctrl+Z | Apply the command line and exit from config mode, i.e. return to privileged EXEC mode. |
Ctrl+Shift+6 (X) | CTRL-SHIFT-6 is one action, the X is the second action |

4. The less common shortcuts are listed below :

Less Common Shortcuts
Shortcut | Description | Mnemonic
Esc, C | Makes the letter at the cursor uppercase. | C for Capital
Esc, L | Changes the word at the cursor to lowercase | L for Lower
Esc, U | Makes letters from the cursor to the end of the word uppercase. | U for Uppercase

5. The delete buffer shortcuts are listed below :

Using the Delete Buffer
Shortcut | Description | Mnemonic
The buffer stores the last ten items that have been deleted using Ctrl-K, Ctrl-U, or Ctrl-X
Ctrl-Y | Paste the most recent entry in the delete buffer | Y for “Yank” as in Yank from buffer
Esc-Y | Paste the previous entry in the history buffer | Y for “Yank” as in Yank from buffer

Configuring Site to Site IPSec VPN Tunnel Between Cisco Routers …!!!


 

Site to Site IPSec VPN Tunnel :

Site-to-Site IPSec VPN Tunnels are used to allow the secure transmission of data, voice and video between two sites (e.g offices or branches). The VPN tunnel is created over the Internet public network and encrypted using a number of advanced encryption algorithms to provide confidentiality of the data transmitted between the two sites.
This article will show how to setup and configure two Cisco routers to create a permanent secure site-to-site VPN tunnel over the Internet, using the IPSec protocol.
ISAKMP (Internet Security Association and Key Management Protocol) and IPSec are essential to building and encrypting the VPN tunnel. ISAKMP, also called IKE (Internet Key Exchange), is the negotiation protocol that allows two hosts to agree on how to build an IPsec security association. ISAKMP negotiation consists of two phases:
1. Phase 1 : creates the first tunnel, which protects later ISAKMP negotiation messages.
2. Phase 2 : creates the tunnel that protects data. IPSec then comes into play to encrypt the data using encryption algorithms and provides authentication, encryption and anti-replay services.
IPSec VPN Requirements :
To help make this an easy-to-follow exercise, we have split it into two steps that are required to get the Site-to-Site IPSec VPN Tunnel to work.
These steps are :
(1)  Configure ISAKMP (ISAKMP Phase 1)
(2)  Configure IPSec  (ISAKMP Phase 2, ACLs, Crypto MAP)
Our example setup is between two branches of a small company: Site 1 and Site 2. Both branch routers connect to the Internet and have a static IP address assigned by their ISP, as shown in the diagram :
[Figure: diagram]
Site 1 is configured with an internal network of 10.10.10.0/24, while Site 2 is configured with network 20.20.20.0/24. The goal is to securely connect both LAN networks and allow full communication between them, without any restrictions.
Configure ISAKMP (IKE) – (ISAKMP Phase 1) :
To begin, we’ll start working on the Site 1 router (R1).
First step is to configure an ISAKMP Phase 1 policy :
R1(config)#  crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
The above commands define the following (in listed order) :
3DES - The encryption method to be used for Phase 1.
MD5 - The hashing algorithm
Pre-share - Use Pre-shared key as the authentication method
Group 2 - Diffie-Hellman group to be used
86400 – Session key lifetime. Expressed in either kilobytes (after x-amount of traffic, change the key) or seconds. Value set is the default value.
Next we are going to define a pre shared key for authentication with our peer (R2 router) by using the following command:
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
The peer’s pre shared key is set to firewallcx and its public IP Address is 1.1.1.2. Every time R1 tries to establish a VPN tunnel with R2 (1.1.1.2), this pre shared key will be used.
Configure IPSec :
To configure IPSec we need to setup the following in order :
Create extended ACL
Create IPSec Transform
Create Crypto Map
Apply crypto map to the public interface
Creating Extended ACL :
The next step is to create an access list and define the traffic we would like the router to pass through the VPN tunnel. In this example, it would be traffic from one network to the other, 10.10.10.0/24 to 20.20.20.0/24. Access lists that define VPN traffic are sometimes called crypto access-list or interesting traffic access-list.
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0  0.0.0.255  20.20.20.0  0.0.0.255
Create IPSec Transform (ISAKMP Phase 2 policy) :
The next step is to create the transform set used to protect our data. We’ve named this TS:
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
The above command defines the following :
ESP-3DES - Encryption method
MD5 - Hashing algorithm
Create Crypto Map :
The crypto map is the last step of our setup and connects the previously defined ISAKMP and IPSec configuration together.

R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address VPN-TRAFFIC
Apply Crypto Map to the Public Interface :
The final step is to apply the crypto map to the outgoing interface of the router. Here, the outgoing interface is FastEthernet 0/1.
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP
Note : You can assign only one crypto map to an interface .
We now move to the Site 2 router to complete the VPN configuration. The settings for Router 2 are identical, with the only difference being the peer IP Addresses and access lists :
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400

R2(config)# crypto isakmp key firewallcx address 1.1.1.1
R2(config)# ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config)# crypto map CMAP 10 ipsec-isakmp
R2(config-crypto-map)# set peer 1.1.1.1
R2(config-crypto-map)# set transform-set TS
R2(config-crypto-map)# match address VPN-TRAFFIC
R2(config)# interface FastEthernet0/1
R2(config-if)# crypto map CMAP
Thanks Everyone
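A consistency check for the two peers configured above, as an added example (not part of the original post and not a Cisco tool). It parses the pasted sessions, verifies that the Phase 1 policy, key and transform set match and that the crypto access lists mirror each other, and lists the algorithms in use that are now treated as legacy (3DES, MD5, Diffie-Hellman groups 1, 2 and 5). The function names and finding strings are made up for this example.

```python
import re

# VPN-relevant commands from the R1 and R2 sections above, prompts kept.
R1 = """\
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config-crypto-map)# set peer 1.1.1.2
"""
R2 = """\
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400
R2(config)# crypto isakmp key firewallcx address 1.1.1.1
R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config-crypto-map)# set peer 1.1.1.1
"""
# Phase 1 values treated as legacy by this check.
LEGACY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}

def parse(transcript):
    """Extract the VPN-relevant settings from a pasted config session."""
    cfg = {"policy": {}, "keys": {}, "peers": [], "acl": [], "ts": []}
    for raw in transcript.splitlines():
        t = re.sub(r"^\S+#\s*", "", raw.strip()).split()   # drop the prompt
        if not t:
            continue
        if t[0] in ("encr", "hash", "authentication", "group", "lifetime"):
            cfg["policy"][t[0]] = t[1]
        elif t[:3] == ["crypto", "isakmp", "key"]:
            cfg["keys"][t[5]] = t[3]                       # peer address -> key
        elif t[:2] == ["set", "peer"]:
            cfg["peers"].append(t[2])
        elif t[:2] == ["permit", "ip"]:
            cfg["acl"].append(((t[2], t[3]), (t[4], t[5])))  # (src, dst)
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["ts"] = t[4:]
    return cfg

def check_pair(a, b):
    """Return the ways two peers' settings disagree (empty list = consistent)."""
    findings = []
    if a["policy"] != b["policy"]:
        findings.append("ISAKMP policy mismatch")
    if a["ts"] != b["ts"]:
        findings.append("transform-set mismatch")
    if set(a["keys"].values()) != set(b["keys"].values()):
        findings.append("pre-shared key mismatch")
    if any(p not in c["keys"] for c in (a, b) for p in c["peers"]):
        findings.append("peer without a pre-shared key")
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        findings.append("crypto ACLs are not mirror images")
    return findings

def legacy_algorithms(cfg):
    """List configured Phase 1 and Phase 2 algorithms flagged as legacy."""
    hits = [f"{k} {v}" for k, v in cfg["policy"].items() if v in LEGACY.get(k, ())]
    return sorted(hits + [t for t in cfg["ts"] if "3des" in t or "md5" in t])
```

A copy-paste of R1's access list onto R2 without swapping source and destination is reported as "crypto ACLs are not mirror images".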